242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd

Analysis

max time kernel
152s
max time network
157s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 05:36 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
Size

832KB
MD5

dc57cea633e4fab658ec12066f4d0291
SHA1

8fcbcbfa132d7a471405863f09e121f944546a9a
SHA256

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd
SHA512

8197855a21e5a2f6c3a87dc4dc49a6b26707ce9751db9f4a1ac2fab2917b474af3e184f467c1f46e76b4080f064dabe292658889a1978b228800eb1425db8e42
SSDEEP

12288:tPQyqgtrdlpCrW4F5cPdxCoqsWIstry4Lf+Bdql+r0U5cV5tWcoPpdjCNaY8:hcgj6rWJVMC+d2Bdql5U5cMcid0

Score

8^/10

discovery persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/856-57-0x0000000001220000-0x0000000001449000-memory.dmp	upx
behavioral1/memory/856-58-0x0000000001220000-0x0000000001449000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent = "C:\\Users\\Admin\\AppData\\Local\\Temp\\242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe"	242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

C:\Users\Admin\AppData\Local\Temp\242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
"C:\Users\Admin\AppData\Local\Temp\242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
PID:856

Network

No results found

109.191.73.182:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49165

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
127.0.0.1:49168

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
89.167.18.34:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
109.185.162.215:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49172

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
94.30.199.10:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49175

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
87.110.21.17:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49178

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
112.209.8.2:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
120 B
3
3
127.0.0.1:49181

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
127.0.0.1:49184

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
84.240.226.107:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49187

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
1.25.24.41:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
194.187.138.162:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49190

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
76.109.38.2:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49193

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
84.109.190.57:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49196

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
49.206.16.2:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49199

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
127.0.0.1:49202

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
31.131.77.24:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
111.255.106.11:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

152 B
3
127.0.0.1:49205

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
127.0.0.1:49208

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe
37.229.41.138:80

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd.exe

104 B
2

No results found

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-54-0x0000000076151000-0x0000000076153000-memory.dmp

Filesize
8KB

Download
memory/856-55-0x0000000000A20000-0x0000000000AEB000-memory.dmp

Filesize
812KB

Download
memory/856-56-0x0000000000BB0000-0x0000000000C74000-memory.dmp

Filesize
784KB

Download
memory/856-57-0x0000000001220000-0x0000000001449000-memory.dmp

Filesize
2.2MB

Download
memory/856-58-0x0000000001220000-0x0000000001449000-memory.dmp

Filesize
2.2MB

Download